CVE-2020-5528
MEDIUM 6.1
Description
Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4603 and earlier (Movable Type 7), Movable Type 6.5.2 and earlier (Movable Type 6.5), Movable Type Advanced 7 r.4603 and earlier (Movable Type Advanced 7), Movable Type Advanced 6.5.2 and earlier (Movable Type Advanced 6.5), Movable Type Premium 1.26 and earlier (Movable Type Premium), and Movable Type Premium Advanced 1.26 and earlier (Movable Type Premium Advanced)) allows remote attackers to inject arbitrary web script or HTML in the block editor and the rich text editor via a specially crafted URL.
CVE Details
CVSS v3.1 score: 6.1
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: REQUIRED
Published: 2/6/2020
Last modified: 11/21/2024
Source: nvd
Honeypot observations: 0
Affected products
sixapart:movable_type
Weaknesses (CWE)
CWE-79
References
http://jvn.jp/en/jp/JVN94435544/index.html (vultures@jpcert.or.jp)
https://movabletype.org/news/2020/02/movable_type_r4605_v720_v653_and_v6311_released.html (vultures@jpcert.or.jp)
http://jvn.jp/en/jp/JVN94435544/index.html (af854a3a-2127-422b-91ae-364da2661108)
https://movabletype.org/news/2020/02/movable_type_r4605_v720_v653_and_v6311_released.html (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.